• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 387
  • Last Modified:

Dual boot on Bitlocker

Hello experts,

I need to achieve the following configuration: I have 2 drives in a laptop, Windows 8.1 is installed on C: and both drives are 1 partitions which means C: is a SSD and D: is a SSD.

Both are bitlocked.

I need to be able to install Windows server 2012 r2 on C:\ as well and to host the labs on the bitlocked D: (which was bitlocked by Windows 8.1)

How to achieve this?
0
infernum
Asked:
infernum
  • 7
  • 6
1 Solution
 
McKnifeCommented:
Let me describe how I setup bitlocker dual booting on on disk with 2x win8.1, maybe it helps you advance with your two disks, too:

I used a hyper-v machine, so no TPM is available and the Policy "Require additional authentication at Startup" needs to be activated

add a hard drive with 40 GB, boot setup, create a 20 GB partition, install win8.1 pro/enterprise
boot setup again, install a second win8.1 into another 20 GB partition.
boot one of those, encrypt it, reboot
when starting, select the OS you just encrypted and confirm that your password works, then restart
boot the other OS by selecting F11 at the Bitlocker prompt, encrypt it using a different password of course, reboot.
Done, both are bootable, one is the default option, the other is reachable via F11, Bitlocker works for both without any issues!
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Question - why dual boot?  Why not create a VM and run 2012 R2 in a Client Hyper-V VM?
0
 
infernumAuthor Commented:
Because I need to host a Hyper-V Server and do a cluster/ live migration/ scvmm lab with 2 hyper-v hosts.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
McKnifeCommented:
You have 2012 as the hyper-v host. And on the bitlocked drive d: of that host you would like to place the virtual machine container files for two guest OS'? Is that right? Then it cannot be called dual booting, even if you start those 2 guest machines simultaneously. Please clarify.
0
 
infernumAuthor Commented:
I only have Windows 8.1 on C:\ which is encrypted using Bitlocker. Also per policy (company) I had to encrypt D:\ which is planned to host the VMs AND the Windows 2012 r2 installation if possible, of not possible, I can install the Windows 2012 r2 on C:\ I dont have a problem with that.

I can decrypt D:\ temporarily till I finish my installation.
0
 
McKnifeCommented:
You need to be aware of some limitations. You cannot install two OS' on the same partition - that's impossible.
Neither can you install an OS to an already encrypted d:.
If you decide to decrypt d: and install an OS there, you can run that OS as second OS. If you encrypt d: afterwards (which means, you boot that OS you just installed and have it encrypt itself), you will still be able to run it and also, you will be able to mount that partition from your second installation. And of course, you can still install hyper-V on it and place machines inside.

But what looks much more like a plan is to install the server as sole host OS and all others as guests - still, the whole drive could be encrypted. Why not?

Please remember: for security reasons, no bootable OS should be accessible offline, ALL should be encrypted, not just d:
0
 
infernumAuthor Commented:
So if I decrypt D:\ then install Windows Server 2012 r2 and then encrypt it from Windows Server 2012 r2 I can dual boot from C:\ and D:\ ? while C:\ is still encrypted using its own bitlocker? wont that cause problems using bcedit?
0
 
McKnifeCommented:
You might have missed my first comment. I described a 2 partition dual boot Bitlocker setup in detail. And it is no difference if both are win8.1 or one is 8.1, while the other is 2012 R2.
0
 
infernumAuthor Commented:
It wont be dual partition. The D:\ is another physical SSD, will this cause a difference?
0
 
McKnifeCommented:
No, it won't.
But still, you haven't addressed the question "why not one hypervisor and all the rest as guests?"
0
 
infernumAuthor Commented:
Because the Win 8.1 I use is my workspace. I need another installation for the fully fledged hyper-v to do my lab.
0
 
McKnifeCommented:
I see.
0
 
infernumAuthor Commented:
Thanks McKnife, I will do that and let you know what happens, just to confirm, if I decrypt D:\ , install windows on it and then re-encrypt withing its own OS (Windows Server 2012 R2) I will have Dual boot automatically? Im just confused on how will it place the bootloader?
0
 
McKnifeCommented:
I did the same basically, although the order wasn't
install 1st OS - encrypt - install 2nd - encr.
but rather
install 1st OS, install 2nd OS, encr 1st, encr. 2nd
But I don't see why it shouldn't work. Just try - I guess you are smart enough to have an image backup anyway + the recovery keys to BL.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 7
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now